Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

Responsive to communication(s) filed on . 

2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-18 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) □ Claim(s) is/are allowed.

6) ☒ Claim(s) 1-18 is/are rejected.
7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a)\Z\ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some * c)^ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .

3. □ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION

1. Claims 1-18 are pending for examination.

2. Claims 1-18 are rejected. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language.

3. Claims 1-18 are rejected under 35 U.S.C. 102(e) as being anticipated by Coss et al, U.S. 
Patent 6,098,172. 

4. As per claim 1; "A method of processing packets at a firewall in a packet-switched 
network comprising: receiving an outbound packet from a process group network address; and 
authorizing subsequent inbound packet traffic destined for the process group network address 
[ABSTRACT, col. 1, lines 59-col. 2, line 41, col. 4, lines 17-col. 9, line 33, whereas the "stateful"
and dependency mask packet filtering aspects utilizing rules/rule sets that allow for "rule 
processing of subsequent packets" in multiple domain with "included" address ranges (i.e., group 
network address), and additionally the "session key" cache relationships to the rules searching, 
constitutes authorizing subsequent packet received as a function of a previous one going out.]."; 

Further, as per claim 10; "A computer readable medium containing executable program 
instructions [This claim is the software computer-readable medium claim for the method claim 1
above, and is rejected for the same reasons provided for the claim 1 rejection] for performing a 
method on a firewall connected to a packet-switched network comprising the steps of receiving 
an outbound packet from a process group network address, and authorizing subsequent inbound 
packet traffic destined for the process group network address ", 

5. Claim 2 additionally recites the limitation that; "The invention of claim 1 further
comprising the subsequent step of canceling authorization for subsequent inbound packet traffic
destined for the process group network address after a period of time.". The teachings of Coss et
al suggest such limitations (ABSTRACT, col. 1, lines 59-col. 2, line 41, col. 4, lines 17-col. 9, line
33, col. 9, lines 15-34, col. 10, lines 60-63, whereas the "time limited rules... for a specified time
period", "threshold rules" authorization upon specific conditions, rule application as a function
of "the time of day or day of the week.", FTP proxy session "made active for only a limited
time", and "dynamic rules apply for the life of the session" deal with this limitation.);

Further, as per claim 11 additionally reciting the limitation that; "The invention [This
claim is the software computer-readable medium claim for the method claim 2 above, and is
rejected for the same reasons provided for the claim 2 rejection] of claim 10 further comprising
the subsequent step of canceling authorization for subsequent inbound packet traffic destined for 
the process group network address after a period of time.". 

6. Claim 3 additionally recites the limitation that; "The invention of claim 2 wherein the
outbound packet begins a connection protocol and authorization is canceled after the connection 



Application/Control Number: 09/771,811 Page 4

Art Unit: 2136 

terminates". The teachings of Coss et al suggest such limitations (ABSTRACT, col. 1, lines 59-
col. 2, line 41, col. 4, lines 17-col. 9, line 33, col. 9, lines 15-34, col. 10, lines 60-63, whereas the
dependency mask packet filtering aspects utilizing rules for the first packet of a network session, 
the "session key" cache relationships to the rules searching, FTP proxy session "made active for 
only a limited time", and "dynamic rules apply for the life of the session" deal with this 
limitation); 

Further, as per claim 12 additionally reciting the limitation that; "The invention [This 
claim is the software computer-readable medium claim for the method claim 3 above, and is 
rejected for the same reasons provided for the claim 3 rejection] of claim 11 wherein the
outbound packet begins a connection protocol and authorization is canceled after the connection 
terminates". 

7. Claim 4 additionally recites the limitation that; "The invention of claim 1 wherein the 
addresses are expressed as IPv4 address.". The teachings of Coss et al suggest such limitations 
(ABSTRACT, col. 1, lines 59-col. 2, line 41, col. 4, lines 17-col. 9, line 33, col. 9, lines 15-34, col.
10, lines 60-63, whereas the Internet network embodiments inherently utilizing IPv4, and IPv6
(i.e., in "Tunnel requirements" and "IPSEC requirements" tunneling and security aspects) deal 
with this limitation ); 

Further, as per claim 13 additionally reciting the limitation that; "The invention [This 
claim is the software computer-readable medium claim for the method claim 4 above, and is 
rejected for the same reasons provided for the claim 4 rejection] of claim 10 wherein the 
addresses are expressed as IPv4 address.". 
8. Claim 5 additionally recites the limitation that; "The invention of claim 1 wherein the
addresses are expressed as IPv6 addresses, wherein a portion of the address is reserved to
identify a host process group.". The teachings of Coss et al suggest such limitations ( );

Further, as per claim 14 additionally reciting the limitation that; "The invention [This 
claim is the software computer-readable medium claim for the method claim 5 above, and is 
rejected for the same reasons provided for the claim 5 rejection] of claim 10 wherein the 
addresses are expressed as IPv6 addresses, wherein a portion of the address is reserved to 
identify a host process group.". 

9. As per claim 6; "A method of processing packets at a host which are destined for a 
firewall in a packet-switched network comprising the steps of: assigning a process group 
network address to a first outbound packet commencing a process; transmitting the outbound 
packet to a firewall on its path to its destination in a packet-switched network; receiving inbound 
packets addressed to the process group network address; and receiving and associating inbound 
packets addressed to the process group network address with the process [ABSTRACT, col.
1, lines 59-col. 2, line 41, col. 4, lines 17-col. 11, line 11, whereas this claim deals with the
applicant's invention from the point of view of the host forward of packets to the firewall, such
that the use of proxy to firewall connection functionality, as broadly interpreted by the examiner,
encompasses these limitations, and further, "stateful" and dependency mask packet filtering
aspects utilizing rules/rule sets that allow for "rule processing of subsequent packets" in multiple
domain with "included" address ranges (i.e., group network address), and additionally the
"session key" cache relationships to the rules searching, constitutes authorizing subsequent
packet received as a function of a previous one going out ]

Further, as per claim 15; "A computer readable medium containing executable program 
instructions [This claim is the software computer-readable medium claim for the method claim 6 
above, and is rejected for the same reasons provided for the claim 6 rejection] performing a 
method on a host connected to a packet switched network comprising the steps of: assigning a
process group network address to a first outbound packet commencing a process; transmitting 
the outbound packet to a firewall on its path to its destination in a packet-switched network; 
receiving inbound packets addressed to the process group network address; and receiving and 
associating inbound packets addressed to the process group network address with the process.". 

10. Claim 7 additionally recites the limitation that; "The invention of claim 6 wherein the 
process is a connection across the packet-switched network to another host.". The teachings of 
Coss et al suggest such limitations (ABSTRACT, col. 1, lines 59-col. 2, line 41, col. 4, lines 17-
col. 11, line 11, figure 4 and accompanying description, whereas TELNET, email, etc., constitute
connection across the packet-switched network to another host.); 

Further, as per claim 16 additionally reciting the limitation that; "The invention [This 
claim is the software computer-readable medium claim for the method claim 7 above, and is 
rejected for the same reasons provided for the claim 7 rejection] of claim 15 wherein the process 
is a connection across the packet-switched network to another host.". 
11. Claim 8 additionally recites the limitation that; "The invention of claim 6 further
comprising the step of notifying the firewall when the process terminates". The teachings of
Coss et al suggest such limitations (ABSTRACT, col. 1, lines 59-col. 2, line 41, col. 4, lines 17-
col. 11, line 11, figure 4 and accompanying description, whereas the dependency mask packet
filtering utilizing rules for the first packet of a network session, the "session key" cache
relationships to the rules searching, FTP proxy session "made active for only a limited time", and
"dynamic rules apply for the life of the session" aspects all deal with communications of
information the firewall uses in its filtering decisions, inclusive of decisions to terminate
connections related to associated processes deal with this limitation );

Further, as per claim 17 additionally reciting the limitation that; "The invention [This
claim is the software computer-readable medium claim for the method claim 8 above, and is 
rejected for the same reasons provided for the claim 8 rejection] of claim 15 further comprising 
the step of notifying the firewall when the process terminates ". 

12. Claim 9 additionally recites the limitation that; "The invention of claim 6 wherein the 
host uses a dynamic host configuration protocol to dynamically assign the process group network 
address.". The teachings of Coss et al suggest such limitations (ABSTRACT, col. 1, lines 59-col.
2, line 41, col. 4, lines 17-col. 11, line 11, figure 4 and accompanying description, whereas the
network address translation aspects, and further, that the "dial-up access gateway" aspect (with
DHCP as part of dial-up ISP support services) deal with this limitation.); 

Further, as per claim 18 additionally reciting the limitation that; "The invention [This 
claim is the software computer-readable medium claim for the method claim 9 above, and is 
rejected for the same reasons provided for the claim 9 rejection] of claim 15 wherein the host
uses a dynamic host configuration protocol to dynamically assign the process group network
address.".



13. Any inquiry concerning this communication or earlier communications from examiner
should be directed to Ronald Baum, whose telephone number is (703) 305-4276. The examiner 
can normally be reached Monday through Friday from 8:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The Fax numbers for the 
organization where this application is assigned are: 
After-final (703) 746-7238 

Official (703) 746-7239 

Non-Official/Draft (703) 746-7246 
Ronald Baum 